On Aug. 10, federal investigators searched Grant Michalski's home in Columbus, Ohio, and found an iPhone X. Agents required him to put his face in front of the phone to unlock it, according to court documents.

"The phone was unlocked pursuant to the facial recognition feature on the iPhone X, and your affiant was able to briefly review the contents of the phone," the document said.

After unlocking the device at Michalski's home through Face ID, investigators found chat logs detailing interests in child pornography.

But FBI agents haven't been able to unlock the iPhone X since moving the seized device to the agency's Columbus office. While they were able to unlock it on the spot with Michalski's cooperation through Face ID, he hasn't given investigators the password to his iPhone X.

Passwords are much harder for law enforcement to get than physical characteristics used for biometric locks such as Face ID and fingerprint readers. That's because biometrics aren't covered by the Fifth Amendment, which protects people from self-incrimination. Giving up a password could be considered self-incrimination.

The reason for the difference is that police can obtain biometrics, like your face and your fingerprints, through procedural measures such as mugshots, legal experts say. But passwords are something only the person who set them would know.

Neither the FBI nor the DoJ responded to a request for comment. Michalski's attorney didn't immediately respond to a request for comment. Apple didn't respond to a request for comment.

The legal difference between passwords and biometrics allowed FBI agents to request that Michalski unlock his iPhone X on the spot through Face ID. But they didn't ask him for the password, and still don't have it. In the FBI's warrant, the agency asked to use extraction devices to pull data out of the iPhone X without requiring a password -- which would include information like deleted photos and text messages.

It's unclear what specific extraction device investigators are requesting from Columbus Police Department to extract that data without a password, but companies like Grayshift and Cellebrite have been known to provide that service to US agencies.

The Columbus Police Department didn't respond to a request for comment.